Re: Esignal warning on Bugtrack



   Esignal will reply once they do some research.  They have received some
   inquiries from us with regard to this post.


The notice was a warning to users of Esignal's feed, not an attempt to
"hack" Esignal (but the vendor of an insecure product usually makes
that specious claim in a face-saving gesture).

The Hungarian sender is typical; Europeans are far more concerned
about computer security than Americans.  The warning referenced a
proof of concept exploit that is available to anyone (especially the
worldwide bored script kiddies) with Perl.  Perl is available for
Windows machines through ActiveState and is a semi-standard component of
Unix installations.  The initial part of the exploit was a commonplace
(over the last several years) buffer overflow and there are a couple
of simple ways to stop that, depending on your system setup.  In
short, you can try it yourself to see what happens, but it would be
smart to carefully obtain the referenced exploit, since you cannot
trust anyone on the Internet nowadays.

Hopefully Esignal will release some simple fix in a couple of days or
demonstrate that the sample exploit is flawed.  I don't use the
Esignal feed myself, so I cannot verify the warning.